7 Free Online Tools to Scan Websites for Security Vulnerabilities

In Q3 of 2016, Sucuri reported that WordPress again led all content management systems with the number of hacked websites. WordPress alone claimed ownership of 74% of all detected infections and vulnerabilities.

Ugh. That’s always a huge let-down. With people already looking for reasons not to use WordPress or hearing horror stories about this very thing, news like this makes it seem like the platform is inherently insecure (which it’s not).

But here’s the thing: with so many eyes on WordPress due to its overwhelming popularity over other CMS, it will continue to be the target of hackers. It’s just something we have to expect at this point. And that’s why we shouldn’t be asking “Is WordPress Secure?” but more “What can I do to make my WordPress site more secure?”

Enacting a security plan is essential, of course. And utilizing a variety of firewalls, security plugins, antivirus software, and more will help. But you should also look outside of WordPress for assistance in keeping your site safe. An online security scanner will give you an extra set of eyes to sweep through your site and alert you to any potential pitfalls within it.

7 Free Online Security Scanners to Check Your WordPress Site

Your security audit process already includes a deep-dive internal security scan with a plugin like Defender–which is absolutely necessary. You’ll need that if you want to see deep down inside the guts of your site and hosting environment. An online scanner, on the other hand, will take care of the superficial scan of your site for malicious content, code, or other hidden entities just waiting to wreak havoc on it.

It will look for problems like:

Unauthorized backlinks, ads, or redirects

Unauthorized use of bandwidth (like hotlinks)

Malware

Infected code, plugins, themes

And more.

Since you’re already spending money on a secure host, a premium security plugin, antivirus or malware software, and more, there’s no need to spend any more on an online security scanner to help you check your WordPress site for vulnerabilities. Many of these are available for free and require little more than entering your site’s URL into a field.

Here are 7 awesome online scanner tools you should consider using:

Hacker Target WordPress Security Scan

The best part about using a security scanner like Hacker Target’s is that it was specifically built to inspect the more troublesome elements on a WordPress site. So, you’ll find analyses here for plugins and themes as well as other particularly weak areas of websites.

Scanurl

Scanurl’s online scanner tool is a very simple one. The tool itself will provide you with few details on your site’s security, including:

Whether anyone has marked your site as “unsafe”

Whether it passed the Google Safe Browsing test

Whether PhishTank has a file on your site

Whether Web of Trust has any negative ratings on your site

In addition, the bottom of the scanner provides links to other security scanning resources. So, if you’re curious to see what smaller, more targeted reports from places like Norton, McAfee, and VirusTotal have to say, you can get those here in the resource aggregation list.

SiteGuarding.com

SiteGuarding.com works similarly to the other online scanners on this list. However, there’s something really nice about the interface in which the results are displayed. Even a novice WordPress user should be able to use this tool and understand where their site’s problem areas are.

UpGuard

This online scanner from UpGuard is great because it handles online security analysis in a sort of gamification format. You’ll receive a security score based on how your website performs a number of factors like:

WP Neuron WordPress Vulnerability Scanner

This WordPress-specific vulnerability scanner targets your plugins and themes, so if you suspect you have issues there, this will point you in the right direction. It does also provide details on things like outdated versioning, the robots.txt file, and oddities found in your site’s header. However, the bulk of the analytics you’ll receive from this tool speak directly to the quality and status of your WordPress plugins and themes.

WPRecon WordPress Uptime & Security Monitoring

The security vulnerability results you receive from this online scanner remind me of what you’ll get with Hacker Target. However, there are three key differences here, and I think these will make a world of difference for WordPress developers really trying to dig into any issues they’re encountering with security. The three additional pieces of information you’ll receive are:

Internal links

JavaScript links

iFrames links

With this information included in your analysis, you’ll be able to more quickly detect anything that doesn’t belong on your site that you might not otherwise notice.

Wrapping Up

There’s a lot of work that’s required of you in order to keep your WordPress site safe. Luckily, you can offload most of the monitoring work to security plugins like Defender as well as free online vulnerability scanners like the ones mentioned above. By utilizing a reliable set of tools to keep an eye on your site, you’ll more effectively (and quickly) be able to handle security issues as they arise.

Brenda Barron is a freelance writer from Southern California. She specializes in WordPress, tech, business and founded WP Theme Roundups. When not writing all the things, she's spending time with her family.

Thanks for your info. I surf the internet and i got one more useful website hackercombat, which is used to Scan your website for malware and security issues absolutely free. Hacker Combat provides a cloud-based Free Website Malware Scanner for scanning your websites and generating scan reports.